Should I remove “Zusy.392002”?

Zusy.392002 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Zusy.392002 virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Creates a copy of itself

How to identify Zusy.392002?


File Info:

name: 699FEB18EE25BC0F94F6.mlw
path: /opt/CAPEv2/storage/binaries/5117435fffe23c36a484661bcb7b8373f168c32a61d3a14cb56f9ad56b006c7b
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2021-07-07 20:12:00

Version Info:

Translation: 0x0000 0x04b0
CompanyName: Binary Fortress Software
FileDescription: HashTools
FileVersion: 4.3.0.0
InternalName: HashTools.exe
LegalCopyright: Copyright © 2007-2019 Binary Fortress Software
OriginalFilename: HashTools.exe
ProductName: HashTools
ProductVersion: 4.3.0.0
Assembly Version: 4.3.0.0

Zusy.392002 also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.392002
FireEye: Generic.mg.699feb18ee25bc0f
ALYac: Gen:Variant.Zusy.392002
Cylance: Unsafe
Sangfor: [ARMADILLO V1.71]
K7AntiVirus: Trojan ( 005821bc1 )
K7GW: Trojan ( 005821bc1 )
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/Staser.K.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: a variant of Win32/Kryptik.HLQM
APEX: Malicious
Kaspersky: HEUR:Backdoor.Win32.TeviRat.gen
BitDefender: Gen:Variant.Zusy.392002
SUPERAntiSpyware: Trojan.Agent/Gen-Zusy
Avast: Win32:CrypterX-gen [Trj]
Tencent: Trojan.Win32.Staser.za
Ad-Aware: Gen:Variant.Zusy.392002
Emsisoft: Gen:Variant.Zusy.392002 (B)
McAfee-GW-Edition: BehavesLike.Win32.Emotet.hh
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A
Ikarus: Trojan.Win32.Crypt
GData: Win32.Trojan.PSE.3HRPE2
Avira: HEUR/AGEN.1244176
MAX: malware (ai score=83)
Arcabit: Trojan.Zusy.D5FB42
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R426052
Acronis: suspicious
McAfee: GenericRXPD-HK!699FEB18EE25
Malwarebytes: Trojan.Crypt
Rising: Trojan.Kryptik!1.D770 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Kryptik.HLMN!tr
BitDefenderTheta: Gen:NN.ZexaF.34742.Iy0@amTGY0di
AVG: Win32:CrypterX-gen [Trj]
Cybereason: malicious.6f7187

How to remove Zusy.392002?

Zusy.392002 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.